sigma-rules

Files

T

Terrance DeJesus 5e1546c57c [Rule Tuning] Multiple Users with the Same Okta Device Token Hash (#3304 )

* tuning rule; adding investigation guide

* updated MITRE ATT&CK

* updated file name

* Updating description

* updated investigation guide

* fixed ATT&CK mappings; updated tags

2023-12-06 10:35:46 -05:00

aws

[Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221 )

2023-10-24 12:51:59 -04:00

azure

[Security Content] Include "Data Source: Elastic Defend" tag (#3002 )

2023-09-05 14:22:01 -04:00

beaconing

[New Rule] Adding Beaconing Rules from Advanced Analytic Beaconing Package (#3128 )

2023-10-30 10:05:24 -04:00

cloud_defend

[New Rule] Modification of Dynamic Linker Preload Shared Object Inside A Container (#2837 )

2023-07-17 15:03:24 -04:00

cyberarkpas

[Security Content] Tags Reform (#2725 )

2023-06-22 18:38:56 -03:00

ded

[New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126 )

2023-10-14 13:23:48 -04:00

dga

[New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102 )

2023-10-16 15:48:54 -04:00

endpoint

[Security Content] Tags Reform (#2725 )

2023-06-22 18:38:56 -03:00

gcp

[Security Content] Tags Reform (#2725 )

2023-06-22 18:38:56 -03:00

github

[New Rule] New GitHub App Installed (#3055 )

2023-10-12 20:10:20 -04:00

google_workspace

[Security Content] Tags Reform (#2725 )

2023-06-22 18:38:56 -03:00

kubernetes

[Rule Tuning] Kubernetes Anonymous Request Authorized (#2865 )

2023-07-17 13:03:05 -04:00

lmd

[New Rule] Migrate Lateral Movement Detection Rules (#3175 )

2023-10-12 15:02:19 -04:00

o365

[New] Suspicious Microsoft 365 Mail Access by ClientAppId (#2933 )

2023-07-19 16:05:13 +01:00

okta

[Rule Tuning] Multiple Users with the Same Okta Device Token Hash (#3304 )

2023-12-06 10:35:46 -05:00

problemchild

[New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193 )

2023-10-23 12:23:56 -04:00